How to enable or disable GSSAPI authentication in SSH

GSSAPI or Generic Security Service Application Programming Interface allows login to an SSH server via alternative mechanisms such as Kerberos.

It's useful for those who need the feature, but it's enabled by default and could unnecessarily slow the overall login process if you only use the standard password or public-key authentication methods.

You can disable or enable GSSAPI authentication for SSH via GSSAPIAuthentication directive in your SSHd configuration.

GSSAPIAuthentication
Specifies whether user authentication based on GSSAPI is allowed. The default is no.

Steps to disable or enable GSSAPI authentication in SSH:

Launch your preferred terminal application (optional).
Open SSHd configuration file using your favorite text editor.
```
$ sudo vi /etc/ssh/sshd_config
[sudo] password for user:
```
Search for GSSAPIAuthentication directive and set the value to no to disable GSSAPIAuthentication authentication method or yes to enable.
```
GSSAPIAuthentication no
```
Add the line if it doesn't already exist and remove # at the beginning of the line if it exists.
Save and exit the text editor.
Reload or restart SSH server service.
```
$ sudo systemctl restart sshd
```
Related: How to start, restart, and stop the SSH server service

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is an experienced cloud architect with a strong development and open-source advocacy background. He boasts multiple certifications in AWS, Red Hat, VMware, ITIL, and Linux, underscoring his expertise in cloud architecture and system administration.

Discuss the article:

Comment anonymously. Login not required.